AI vulnerability discovery is pushing 2026 CVEs toward 66,000
Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original …
Senior engineers are spending their week cleaning up AI-generated code
At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, …
Cybercriminals are moving away from mass phishing campaigns
Phishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed …
9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine …
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into …
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model …
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s …
Identity theft is turning into a chain reaction for victims
For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft …
Scams now operate like real businesses with budgets and targets
Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global …
The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These …
Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup
Fans looking for tickets, accommodation and match broadcasts are already encountering scams tied to the 2026 FIFA World Cup. The 2026 FIFA World Cup will bring millions of …
52% of direct-to-IP threats are missing from intelligence feeds
Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where …
Featured news
Resources
Don't miss
- China-linked spies backdoored authentication stack to stay hidden for years
- AI vulnerability discovery is pushing 2026 CVEs toward 66,000
- PhishLumos: Exposing phishing campaigns that evade detection by hiding content
- Onspring CISO on where automated GRC systems fall short
- Open-source CI/CD abuse detector guards against stolen credential attacks